Transaction security method and system

ABSTRACT

There is described method and apparatus for processing signals of a telephonic communication, where the signals represent sensitive and non-sensitive information. A described method comprises processing the signals to provide a first version of the signals that is to be recorded and a second version of the signals that is to be output as audio; monitoring at least the first version of the signals to detect, in said at least the first version of the signals, one or more instances of one or more predetermined characteristics that represent the sensitive information conveyed by the signals; and modifying said at least the first version of the signals by removing the identified predetermined characteristics from said at least the first version of the signals.

FIELD OF THE INVENTION

The invention generally relates to processing of data signalsrepresenting audio, in particular to prevent the recording andpresentation of sensitive information during telephonic transactions.

BACKGROUND TO THE INVENTION

Call centres are extensively used by service providers in deliveringservices to, and communicating with, customers. Call centres typicallycomprise a large group of staff members taking or making telephone callswith customers. Call centres commonly implement two key pieces oftechnology to aid in staff training, customer complaint management, orrecord-keeping. These are call recording technologies, where an audiorecording of the customer conversation is kept, and screen recordingtechnologies, where a video or static snapshot of the staff member'scomputer terminal is kept.

Each year, millions of people telephone call centres to make serviceenquiries or financial transactions, or issue instructions to companiesthey deal with. In many cases, the customer is either required toconfirm his identity by providing the answer to security-basedquestions, or to provide his credit card details to pay for atransaction. As will be appreciated, the nature of much of thisinformation is highly sensitive. In particular, the information caninclude passwords, personally-identifiable information such as a date ofbirth, a PIN, a memorable phrase, bank account numbers, credit cardsecurity codes and the like.

Data and identity theft, as well as fraudulent financial transactions,are widespread, and so it is of particular interest to the caller tokeep secret as much of the information as possible. Disclosingpersonally-sensitive financial or other security information to a callcentre staff member has the potential to increase personal data loss ina number of ways. Firstly, the call centre staff member can write downthe customer's information for later use. Secondly, anybody with accessto an audio recording of the customer conversation can listen to thecustomer information and note it down. Thirdly, anybody with access to ascreen recording taken at the time the customer's information appearedon a call centre staff member's computer screen could note it down.Fourthly, technology exists to automatically ‘mine’ audio and screenrecordings for customer information, and data loss through this mode hasthe potential to be widespread.

As a result of these increasing security concerns, some governments haveenshrined data storage security standards in law, and some industrybodies have enacted their own guidelines surrounding the storage ofpersonal data. One example is the Payment Card Industry (PCI) SecurityStandards Council, which issues guidelines for the processing andstorage of credit card data, globally. Their Data Security Standards(DSS), periodically updated, dictates the methods and ways in whichcompanies processing credit card data (including telephone-based creditcard transactions) can store card and personal data. Regulations andguidelines such as these have a direct impact on call centres which takecustomers' sensitive data in telephone conversations. For example, theDSS stipulates that the 3 or 4 digit Card Verification Value(CV2—sometimes also known as CVN, CW2, CVC2 or CID) not be stored in anyformat, including as encrypted audio recordings.

FIG. 1 schematically shows a prior art call centre operation 100. A callfrom customer 104 is routed over a network 112 to the call centre 102,where it is switched by private branch exchange (PBX) 108 to a phone 105of one of a number of call centre agents 120 operating computerterminals 106. The incoming call is also branched off to a callrecording device 110, which can be located at the call centre or at atelecom service provider in the network 112.

A known approach to improve the security of a customer's interactionwith a call centre is to introduce a pause recording capability that canbe invoked while the sensitive information is being spoken to the agent.The pause can be manually or automatically triggered, for example whenthe agent clicks on the CV2 field on his monitor to enter the caller'scredit card security number. Alternatively, the agent can be bypassed byrouting the call to an Interactive Voice Response (IVR) application (notshown in FIG. 1) when the sensitive information is required, whichensures that this part of the call is not recorded. However, in thismode, the agent and caller are disconnected from each other and are notable to talk freely throughout the card transaction. Another alternatemethod, turning off the recording, is not always practical, as mostorganisations carrying out credit card transactions need to record callsfor staff training, investigating customer complaints, and in somecircumstances to comply with industry or legal regulation such as thoselaid down by the Financial Services Authority (FSA).

Another known approach is to have callers use Dual-tone multi-frequency(DTMF) signalling. DTMF tones are typically produced by pressing thekeys on a standard telephone, and are used for ‘touch dialing’. Inaddition to its use for dialing, DTMF tones can communicate severalalphanumeric characters clearly through a telephone's audio channelduring a phone call. DTMF has the security advantage that it isimpractical for a human to determine the alphanumeric equivalent of theDTMF tone simply by hearing the DTMF tone. Furthermore, it allows thecall to continue as normal whilst the caller enters their credit cardinformation using their phone keypad. However, the DTMF tones arerepresentative of the sensitive information and so cannot be recorded ifthe DSS is to be complied with. To address this issue, it is known tointroduce a call processor 116 at the call centre 102 that blocks DTMFtones.

For example, International Patent Application WO 2009/136163 (SemafoneLimited) describes a telephone call processor with the capability to beswitched between two modes: “normal” and “safe”. In normal mode bothvoice and DTMF components are allowed to pass to the PBX. This isimportant for the operation of call centres, as DTMF tones are usedfrequently, to allow customers to operate and navigate through IVR menuselections, for example. In the safe mode the voice component of thecall is allowed to pass to the agent whilst the DTMF component isblocked or masked. This means both the agent and the call recording donot ‘hear’ the DTMF data.

The process of switching between a ‘normal’ and ‘safe’ mode, however,can require a complex interaction between a call centre's phone system,its credit card payment processes and its agents' desktop computers. Aneed therefore exists for improved methods and apparatus that do notrely on invoking different operating states at different times during acall.

SUMMARY OF THE INVENTION

In one aspect of the invention there is provided a method of processingsignals of a telephonic communication, the signals conveying sensitiveand non-sensitive information, the method comprising processing thesignals to provide a first version of the signals that is to be recordedand a second version of the signals that is to be output as audio;monitoring at least the first version of the signals to detect, in theat least the first version of the signals, one or more instances of oneor more predetermined characteristics that represent the sensitiveinformation conveyed by the signals; and modifying the at least thefirst version of the signals by removing the identified predeterminedcharacteristics from the at least the first version of the signals.

The provision of first and second versions of the signals means that theneed to invoke different operating states at different times during thecommunication can be avoided. In particular, the first and secondversions of the signals can be handled separately from each other, sothat monitoring and modifying of signals can be performed forsubstantially the entire telephonic communication and without anyadditional actions from the participants of the telephoniccommunication.

Examples of predetermined characteristics include, but are not limitedto, waveform patterns such as Dual Tone Multiple Frequency tone patternsand voice patterns, and bit patterns such as data packet identifiers of,for example, VoIP packets.

In one embodiment, the method further comprises recording the firstversion of the signals at a call processor implementing the monitoringand the modifying. This allows the method to be performed at the pointof recording.

In one embodiment, the method further comprises buffering the at leastthe first version of the signals, and wherein modifying the at least thefirst version of the signals comprises removing at least a portion ofthe buffered the at least the first version of the signals preceding apoint of detection for each identified instance of the predeterminedcharacteristics. This allows the modification of the monitored signalsto compensate for the time interval associated with the detection of thepredetermined characteristics. The portion can correspond to about up toabout 50 milliseconds of audio information, for example between about 10to 20 milliseconds of audio information.

In one embodiment the method further comprises determining analphanumeric representation corresponding to each identified instance ofthe predetermined characteristics, and outputting data indicative ofsaid alphanumeric representation for use by a software application. Inthis way, data representing the sensitive information can beautomatically extracted without the involvement of the agent and outputto a computer software application. The data can be formatted into aformat suitable for the software application. Examples of alphanumericrepresentation include, but are not limited to phrases, words, letters,and numbers (individual or grouped).

In one embodiment, the method further comprises generating an emulatedinput device signal for the alphanumeric representation, and wherein theoutputting of data comprises outputting the emulated input devicesignal. This allows data to be input directly into a softwareapplication.

In one embodiment, the method further comprises determining a targetcomputer device from among a plurality of computer devices, theoutputting comprising transmitting the data to the target computerdevice. In one embodiment, the target computer device is determinedbased on an IP address contained in the signals. Thus, the callprocessor can route incoming signals to a respective computer device,such as a computer terminal of a call centre agent.

In one embodiment, the software application resides on a computer deviceat a location remote from the call processor, the method furthercomprising encrypting the data.

In one embodiment, the method further comprises preventing a display ofthe alphanumeric representation by the software application. Suchprevention can include instructing the software application to output amasked alphanumeric representation or generating a blank over a dataentry field, for example.

In one embodiment, at least the monitoring and the modifying are appliedto the second version of the signals (that are to be output as audio),the method further comprising outputting the modified second version ofthe signals. In this way, audio to an agent, for example, can be masked.

In another aspect of the invention there is provided a call processorfor processing signals of a telephonic communication, the signalsconveying sensitive and non-sensitive information, the call processorcomprising means configured to receive a first version of the signalsthat is to be recorded, wherein said first version of the signals is oneof at least two versions of the signals that include a second version ofthe signals that is to be output as audio; means configured to monitorat least the first version of the signals to detect, in the at least thefirst version of the signals, one or more instances of one or morepredetermined characteristics that represent the sensitive informationconveyed by the signals; and means configured to modify the at least thefirst version of the signals by removing the identified predeterminedcharacteristics from the at least the first version of the signals.

In one embodiment the call processor further comprises means configuredto record said first version of the signals.

In one embodiment, the call processor further comprises means configuredto buffer the at least the first version of the signals, and wherein themeans configured to modify the at least the first version of the signalsis configured to remove at least a portion of the buffered the at leastthe first version of the signals preceding a point of detection for eachidentified instance of the predetermined characteristics.

In one embodiment, the call processor further comprises means configuredto determine an alphanumeric representation corresponding to eachidentified instance of the predetermined characteristics, and meansconfigured to output data indicative of said alphanumeric representationfor use by a software application.

In one embodiment, the call processor further comprises means configuredto generate an emulated input device signal for the alphanumericrepresentation, and wherein the means configured to output data isconfigured to output the emulated input device signal. The output can bea Universal Serial Bus (USB) interface or any other interface suitablefor connecting to a personal computer.

In one embodiment, the call processor further comprises means configuredto prevent a display of the alphanumeric representation by the softwareapplication.

In one embodiment, the call processor further comprises means configuredto determine a target computer device from among a plurality of computerdevices, said outputting comprising transmitting the data to said targetcomputer device. In one embodiment, the target computer device isdetermined based on an IP address contained in the signals.

In one embodiment, the software application resides on a computer deviceat a location remote from the call processor, the call processor furthercomprising means configured to encrypt the data.

In one embodiment, the call processor further comprises means configuredto output the modified second version of the signals.

In another aspect of the invention there is provided a method ofprocessing signals of a telephonic communication, the signals conveyingsensitive and non-sensitive information, the method comprising bufferingthe signals; monitoring the signals to detect, in the signals, one ormore instances of one or more predetermined characteristics thatrepresent the sensitive information conveyed by the signals; andmodifying the buffered signals by removing the identified predeterminedcharacteristics.

As described previously, buffering the signals allows the modificationto compensate for the small time period associated with the detection ofthe predetermined characteristics. In this way the method can beimplemented as a standalone method, for example at already existingrecording devices such as a call recording server. Thus in oneembodiment, modifying the buffered signals comprises removing at least aportion of the buffered signals preceding a point of detection for eachidentified instance of the predetermined characteristics.

In one embodiment, the method further comprises recording the modifiedsignals.

In another aspect of the invention there is provided a call processorfor processing signals of a telephonic communication, the signalsconveying sensitive and non-sensitive information, the call processorcomprising means configured to buffer the signals; means configured tomonitor the signals to detect, in the signals, one or more instances ofone or more predetermined characteristics that represent the sensitiveinformation conveyed by the signals; and means configured to modify thebuffered signals by removing the identified predeterminedcharacteristics.

In one embodiment, the means configured to modify the buffered signalsis configured to modify the buffered signals by removing at least aportion of the buffered signals preceding a point of detection for eachidentified instance of the predetermined characteristics.

In one embodiment, the call processor further comprises means configuredto record the modified signals.

In another aspect of the invention there is provided a method ofprocessing signals of a telephonic communication, the signals conveyingsensitive and non-sensitive information, the method comprisingprocessing the signals to provide a first version of the signals that isto be recorded and a second version of the signals from whichinformation is to be extracted; at a first location: monitoring saidfirst version of the signals to detect, in the first version of thesignals, one or more instances of one or more predeterminedcharacteristics that represent the sensitive information conveyed by thesignals; modifying said first version of the signals by removing theidentified predetermined characteristics from said first version of thesignals; and outputting the modified first version of the signals forrecording; and at one or more second locations: monitoring said secondversion of the signals to detect, in the second version of the signals,one or more instances of one or more predetermined characteristics thatrepresent the sensitive information conveyed by the signals; determiningan alphanumeric representation corresponding to each identified instanceof the predetermined characteristics; and outputting data indicative ofsaid alphanumeric representation for use by a software application.

Thus this method facilitates recording at a first location and dataextraction at a second location, for example at a central server and anagent station of a call centre, respectively.

In one embodiment, the method further comprises, at the first location,buffering the first version of the signals, and wherein modifying thefirst version of the signals comprises removing at least a portion ofthe buffered first version of the signals preceding a point of detectionfor each identified instance of the predetermined characteristics.

In one embodiment, the method further comprises recording the firstversion of the signals at the first location.

In one embodiment, the method further comprises, at the one or moresecond locations, preventing a display of said alphanumericrepresentation by the software application.

In one embodiment, the method further comprises, at the one or moresecond locations, modifying the second version of the signals byremoving the identified predetermined characteristics from the secondversion of the signals, and outputting the second version of the signalsfor hearing.

In one embodiment, the method further comprises, at the one or moresecond locations, generating an emulated input device signal for saidalphanumeric representation, and wherein the outputting of datacomprises outputting the emulated input device signal.

In another aspect of the invention there is provided a call processorfor processing signals of a telephonic communication, the signalsconveying sensitive and non-sensitive information, the call processorcomprising a first means at a first location comprising: receiving meansconfigured to receive a first version of the signals; monitoring meansconfigured to monitor said first version of the signals to detect, inthe first version of the signals, one or more instances of one or morepredetermined characteristics that represent the sensitive informationconveyed by the signals; modifying means for modifying said firstversion of the signals by removing the identified predeterminedcharacteristics from said first version of the signals; and outputtingmeans for outputting the modified first version of the signals forrecording; and a second means at one or more second locationscomprising: receiving means configured to receive a second version ofthe signals; monitoring means configured to monitor said second versionof the signals to detect, in the second version of the signals, one ormore instances of one or more predetermined characteristics thatrepresent the sensitive information conveyed by the signals; determiningmeans configured to determine an alphanumeric representationcorresponding to each identified instance of the predeterminedcharacteristics; and outputting means configured to output dataindicative of said alphanumeric representation for use by a softwareapplication.

In one embodiment, the first means further comprises buffering meansconfigured to buffer the first version of the signals, and wherein themodifying means is configured to remove at least a portion of thebuffered first version of the signals preceding a point of detection foreach identified instance of the predetermined characteristics

In one embodiment, the first means further comprises means configured torecord the first version of the signals.

In one embodiment, the second means further comprises preventing meansconfigured to prevent a display of said alphanumeric representation bythe software application.

In one embodiment, the second means further comprises modifying meansconfigured to modify the second version of the signals by removing theidentified predetermined characteristics from the second version of thesignals, and outputting means configured to output the second version ofthe signals for hearing.

In one embodiment, the second means further comprises generating meansconfigured to generate an emulated input device signal for thealphanumeric representation, and wherein the outputting means configuredto output data is configured to output the emulated input device signal.

In another aspect of the invention there is provided a method ofprocessing signals of a telephonic communication, the signals conveyingsensitive and non-sensitive information, the method comprising receivingthe signals; monitoring the received signals to detect, in said signals,one or more instances of one or more predetermined characteristics thatrepresent the sensitive information; determining an alphanumericrepresentation corresponding to each identified instance of thepredetermined characteristics; generating an emulated input devicesignal for each alphanumeric representation; and outputting saidemulated input device signal for use by a software application, theoutputting comprising performing a validation check to ensure that theemulated input device signal is entered into a validated data entryfield of a validated software application.

The emulation of an input device signal means that the extracted datacan be conveyed to the software application in a format that is readilyrecognizable. By performing a validation check to determine that theemulated input device signal is entered to the expected data entrylocation within the expected software application, the entry of emulatedinput device signal to unexpected data entry locations can be denied.This may include determining the current ‘window title’ of a softwareapplication, determining the current data entry field title, inspectionof a data entry field's properties, determining any otherapplication-specific property, or determining any other on-screeninformation. The methods for performing validation checking couldinclude API communication, inspection of a web page's html content ordocument object model or any similar or related communication requiredto interact with the software application. In this way, validationchecks can, for example, determine whether the ‘display as asterisks’(*) property of an on-screen display field has been enabled, or whetherthe number of characters which can be entered into the data entry fieldcorresponds with the length of the alphanumeric representation. In sodoing, agents can be prevented, for example, from using the emulatedinput device signal to enter sensitive card details into a separatelocation from where they can be stolen.

In one embodiment, the method further comprises modifying the receivedsignals by removing the identified predetermined characteristics fromsaid received signals, and outputting the modified signals for hearing.

In one embodiment, the method further comprises preventing a display ofthe alphanumeric representation by the software application.

In one embodiment, the outputting of the emulated input device signalcomprises entering the emulated input device signal as data into avalidated data entry field of the software application.

It will be appreciated that the preventing of a display of thealphanumeric representation and the entering of the emulated inputdevice signal into a validated data entry field are just two of manyinteractions or commands which can be implemented in order to controlthe use or application of the extracted data.

In another aspect of the invention there is provided a call processorfor processing signals of a telephonic communication, the signalsconveying sensitive and non-sensitive information, the call processorcomprising means configured to receive the signals; means configured tomonitor said signals to detect, in said signals, one or more instancesof one or more predetermined characteristics that represent thesensitive information; means configured to determine an alphanumericrepresentation corresponding to each identified instance of thepredetermined characteristics; means configured to generate an emulatedinput device signal for each alphanumeric representation; meansconfigured to output said emulated input device signal for use by asoftware application; and means configured to perform a validation checkto ensure that the emulated input device signal is entered into avalidated data entry field of a validated software application.

Such a call processor can be easily introduced into existinginfrastructures, for example either as software or hardware at acomputer terminal. Thus, the call processor can output signals to acomputer terminal by means of a USB or other suitable interface.

In one embodiment, the call processor further comprises means configuredto modify said received signals by removing the identified predeterminedcharacteristics from said received signals, and means configured tooutput said received signals for hearing.

In one embodiment, the call processor further comprises preventing meansconfigured to prevent a display of the alphanumeric representation bythe software application.

In another aspect of the invention there is provided a method ofprocessing signals of a telephonic communication by a call processor,the signals conveying sensitive and non-sensitive information, themethod comprising receiving the signals; monitoring the received signalsto detect, in the signals, one or more instances of one or morepredetermined characteristics that represent the sensitive informationconveyed by the signals; determining an alphanumeric representationcorresponding to each identified instance of the predeterminedcharacteristics; generating data indicative of the alphanumericrepresentation; determining a target computer device from among aplurality of computer devices; and outputting the data for use by asoftware application executable on the target computer device.

In one embodiment, the method further comprises modifying the receivedsignals by removing the identified predetermined characteristics fromthe received signals, and outputting the modified signals for recording.

In one embodiment, the data comprises an emulated input device signalgenerated for each alphanumeric representation.

In one embodiment, the method further comprises entering the emulatedinput device signal as data into a validated data entry field of thesoftware application.

In one embodiment, the method further comprises preventing a display ofthe alphanumeric representation by the software application.

In one embodiment, the target computer device is determined based on anIP address contained in the signals.

In another aspect of the invention there is provided a call processorfor processing signals of a telephonic communication, the signalsconveying sensitive and non-sensitive information, the call processorcomprising means configured to receive the signals; means configured tomonitor the signals to detect, in the signals, one or more instances ofone or more predetermined characteristics that represent the sensitiveinformation; means configured to determine an alphanumericrepresentation corresponding to each identified instance of thepredetermined characteristics; means configured to generate dataindicative of the alphanumeric representation; means configured todetermine a target computer device from among a plurality of computerdevices; and means configured to output the data for use by a softwareapplication executable on the target computer device.

In one embodiment, the call processor further comprises means configuredto modify the received signals by removing the identified predeterminedcharacteristics from the received signals, and means configured tooutput the modified signals for recording.

In one embodiment, the data comprises an emulated input device signalgenerated for each alphanumeric representation.

In one embodiment, the call processor further comprises means configuredto enter the emulated input device signal as data into a validated dataentry field of the software application.

In one embodiment, the call processor further comprises means configuredto prevent a display of the alphanumeric representation by the softwareapplication.

In one embodiment, the means configured to determine a target computerdevice is configured to determine the target computer device based on anIP address contained in the signals.

In another aspect of the invention there is provided a method ofprocessing signals of a telephonic communication by a call processor ata first location, the signals conveying sensitive and non-sensitiveinformation, the method comprising receiving the signals; monitoring thereceived signals to detect, in the signals, one or more instances of oneor more predetermined characteristics that represent the sensitiveinformation conveyed by the signals; generating data indicative of thealphanumeric representation; encrypting the data; and outputting theencrypted data for transmission over a network to a computer device at asecond location.

In one embodiment, the method further comprises modifying the receivedsignals by removing the identified predetermined characteristics fromthe received signals, and outputting the modified signals for recording.

In one embodiment, the encrypted data is transmitted via a computerdevice at the first location.

In one embodiment, the method further comprises receiving a message fromthe computer device at the second location indicating whether or not theencrypted data was successfully processed by the software application.

In another aspect of the invention there is provided a call processorfor processing signals of a telephonic communication, the signalsconveying sensitive and non-sensitive information, the call processorlocated at a first location, the call processor comprising meansconfigured to receive the signals; means configured to monitor thesignals to detect, in the signals, one or more instances of one or morepredetermined characteristics that represent the sensitive information;means configured to generate data indicative of the alphanumericrepresentation; means configured to encrypt the data; and meansconfigured to output the encrypted data for transmission over a networkto a computer device at a second location.

In one embodiment, the call processor further comprises means configuredto modify said received signals by removing the identified predeterminedcharacteristics from said received signals, and means configured tooutput the modified signals for recording.

In one embodiment, the transmission is carried out via a computer deviceat the first location.

In one embodiment, the call processor further comprises means configuredto receive a message from the computer device at the second locationindicating whether or not the encrypted data was successfully processedby the software application.

In another aspect of the invention there is provided a method ofconducting a transaction, the method comprising establishing atelephonic communication between a customer and a call centre agent, thetelephonic communication comprising signals conveying sensitive andnon-sensitive information of the customer; processing the signals toprovide a first version of the signals that is to be recorded and asecond version of the signals that is to be output as audio to the callcentre agent; monitoring, by a call processor, at least the firstversion of the signals to detect, in the at least the first version ofthe signals, one or more instances of one or more predeterminedcharacteristics that represent the sensitive customer informationconveyed by the signals; modifying, by the call processor, the at leastthe first version of the signals by removing the identifiedpredetermined characteristics from the at least the first version of thesignals; and processing the transaction by a software applicationexecuting on a computing device, using the sensitive informationconveyed in the signals.

In one embodiment, the method further comprises determining, by the callprocessor, an alphanumeric representation corresponding to eachidentified instance of the predetermined characteristics; generating, bythe call processor, data indicative of the alphanumeric representation;and outputting, by the call processor, the data for use by the softwareapplication to process the transaction.

In one embodiment, the data comprises an emulated input device signalfor each alphanumeric representation.

In one embodiment, the method further comprises identifying, by the callprocessor, the computing device from among a plurality of computingdevices.

In one embodiment, the determining is based on an IP address containedin the signals.

In one embodiment, the method further comprises encrypting, by the callprocessor, the data; and wherein the outputting comprises outputting theencrypted data for transmission over a network to a computing device ata location remote from the call centre.

The present invention and any of its embodiments can be implemented bysoftware on a general purpose computer or in a combination of softwareand hardware. Thus any of the ‘means’ defined above can be implementedas code modules in any combination in a computer.

In one embodiment of the invention there is provided a computer programproduct which may be embodied in a passive storage medium, and whichconfigures a computer to perform a method defined in any one of theparagraphs above. Here, the term computer may encompass a computer withdedicated hardware.

Aspects of the invention may be provided in the form of a computerprogram product on a carrier medium, which may be embodied in a passivestorage medium such as an optical or magnetic medium, or in anelectronic medium such as a mass storage device (e.g. a FLASH memory),or in a hardware device implemented to achieve execution of instructionsin accordance with the invention, such as ASIC, an FPGA, a DSP, a RISCmicrocontroller or the like. Alternatively the carrier medium cancomprise a signal carrying the computer program code such as an opticalsignal, an electrical signal, an electromagnetic signal, an acousticsignal or a magnetic signal. For example, the signal can comprise aTCP/IP signal carrying the code over the Internet.

As used herein, the term “telephonic communication” generally refers tothe transmission of information over a communication channel, whichincludes wired and wireless communications channels (or both), andencompasses packet-based communications such as VoIP.

As used herein, the term “version” is generally used to describe aparticular instance of the signals that convey substantially the sameinformation content as other instances of the signals.

The methods and apparatus can be readily utilised in call centreoperations, for example at an agent station comprising an agent audiotelephonic communication arrangement (e.g. phone and/or phoneheadset/handset) and an agent computer system, or at a call recordingserver, or a combination thereof. However, it will be appreciated thatthe disclosure is applicable to other applications that performrecording and data extraction.

BRIEF DESCRIPTION OF THE EMBODIMENTS

Further aspects, features and advantages of the invention will becomeapparent to the reader of the following description of specificembodiments of the invention, provided by way of example only, withreference to the accompanying drawings, in which:

FIG. 1 schematically shows a known call centre operation;

FIG. 2 schematically shows a call centre operation employing callprocessors in accordance with embodiments of the invention;

FIG. 3 schematically shows a call processor in accordance with anembodiment of the invention in which signal modification and dataextraction is implemented as software in a computer terminal;

FIG. 4 schematically shows a flow diagram of a process of processingdata signals in accordance with an embodiment of the invention;

FIG. 5 schematically shows the detection and signal modification inaccordance with an embodiment of the invention;

FIG. 6 schematically shows a call processor in accordance with anembodiment of the invention in which data extraction is implemented assoftware;

FIG. 7 schematically shows a call processor in accordance with anembodiment of the invention in which data extraction is implemented ashardware;

FIG. 8 schematically shows a call processor in accordance with anembodiment of the invention in which data extraction is implemented ashardware;

FIG. 9 schematically shows a call processor in accordance with anembodiment of the invention in which signal modification and dataextraction is implemented as hardware;

FIG. 10 schematically shows a call processor in accordance with anembodiment of the invention in which data extraction is implemented ashardware;

FIG. 11 schematically shows a call processor in accordance with anembodiment of the invention in which data extraction is implemented in acomputer terminal;

FIG. 12 schematically shows a call processor in accordance with anembodiment of the invention in which signal modification is performed ator near a call recording device.

FIG. 13 schematically shows a call processor in accordance with anembodiment of the invention in which data extraction is implemented ashardware.

FIG. 14 schematically shows a call processor in accordance with anembodiment of the invention in which signal modification is performed ator near a call recording device, and in which data extraction isperformed at the same location.

DETAILED DESCRIPTION OF THE EMBODIMENTS

FIG. 2 schematically shows an exemplary call centre operation 200 thatimplements methods and call processors in accordance with variousembodiments of the invention.

An incoming call from customer 204 is routed over a network 212 to thecall centre 202, where it is switched by private branch exchange (PBX)208 or the like to a phone 205 of one of a number of agents 220operating computer terminals 206. Each phone 205 is coupled to thecorresponding computer terminal 206 by an adapter 207, which alsoconnects to a handset or headset (not shown) of the agent 220.

In an embodiment, described below with reference to FIG. 3, signalmodification, data extraction, and visual masking is performed locallyat the computer terminals 206 by call processors 216 a, implemented assoftware on the computer terminals 206. In such a case, call recordingdevice 210 does not need to be used. Instead, calls can be recordedtemporarily at the call processors 216 a before being sent to callrecording storage 211 via a local network 214 or external network,depending on the location of the storage device.

In other embodiments, described below with reference to FIG. 6, callprocessors 216 a perform extraction of data and visual masking, but donot perform call recording. Call masking to the agent may or may not beimplemented. In such cases, already existing call recording devices 210can be retained (It will be appreciated that the call recording devicecan be ‘branched off’ before or after the PBX, for example from everysingle extension below the PBX. However, for purposes of clarity, onlyone implementation is shown). Where the existing call recording devicesdo not have call masking capabilities, call processor 216 b or callprocessor 216 c can be implemented to perform signal modification, forexample either at the call centre or at its telecoms service provider.Call processors 216 b, 216 c can operate independently of callprocessors 216 a, and are described below with reference to FIG. 12. Inembodiments, the call processor can be implemented at other locations,as shown in, and described with reference to, FIGS. 6 to 14.

In embodiments, call processors 216 b, 216 c are standalone and functionwithout the presence of call processor 216 a. As such, call processors216 b and 216 c can alternatively be introduced at call centres havingexisting data extraction methods (that is, without the need to implementcall processors 216 a). Although FIG. 2 shows call processors 216 b, 216c as separate entities from the call recording devices 210, in someembodiments the call processors can be integrated into the callrecording devices, for example as software modules.

FIG. 3 schematically shows an embodiment of a call processor 316implemented as software on a computer terminal 306 of a call centreagent 320. Call processor 316 is configured to mask DTMF tones for therecorded data. The DTMF tones to the agent's 320 headset/handset 309 arenot masked or recorded.

In more detail, an incoming call from a caller 304 is switched to thephone 305 of agent 320 by PBX 308. An adapter 307 outputs the datasignals representing audio to the headset/handset 309 of the agent 320as well as the audio conversion module 326 of the call processor 316.The data signals may comprise mono or stereo analogue audio signals,mono or stereo digital signals, mono or stereo Voice over InternetProtocol (VoIP) data signals, mono or stereo packetized audio data, andthe like.

The audio conversion module 326 is configured to convert the variousdata signals into standard digital audio, for analysis. The methods usedby the audio conversion module 326 to convert the data signals includethose familiar to those skilled in the art of audio processing, forexample decompressing of standard audio codecs (e.g. G.711μ-Law, G.711a-Law, G.729 and GSM), removing header and other non-audio informationfrom packetized data, and so on.

The digital audio is output to buffer 328 and signal monitoring module330.

The signal monitoring module 330 is configured to detect characteristicinformation (predetermined patterns) in the digital audio, for exampleparticular audio tones such as DTMF tones. The signal monitoring module330 is also configured to determine information related to thecharacteristic information, such as a number or letter represented by aDTMF tone, a time at which the pattern is detected within the digitalaudio signal, the duration of the tone (pattern), the number of DTMFtones detected, and so on.

The methods by which the signal monitoring module 330 determines whethera predetermined pattern has been found in the digital audio includethose familiar to those skilled in the art, such as Fast FourierTransformations (FFT) and digital signal processing including Goertzelanalysis. These processes are usually dependent on the nature of thepredetermined pattern being searched for within the digital audio, andcorresponding steps may need to be taken to ensure that the appropriatemethod is used for each type of predetermined pattern. Such aspects canbe defined as configuration settings for the signal monitoring module330.

Timing information established by the signal monitoring module 330 isoutput to a signal modification module 332. Thus information such as thedetected pattern's position within the digital audio can be used by thesignal modification module to determine how or when to modify thesignals, for example by applying a mask. In particular, the timingcontrol signal can indicate a start time and a finish time for eachtone, or start and finish times for a set of tones. In this way,detected DTMF tone signals that would otherwise be recorded by recordingmodule 334 are masked by signal modification module 332.

It will be appreciated that the detection of predetermined patterns willusually take a finite amount of time. For example, the recognition ofDTMF tones in digital audio can take about 10-20 ms. The buffer 328 isconfigured to temporarily store the audio signals, in order to allow thesignal modification module 332 to modify a portion of the signal thatprecedes the detected start time of each tone, for example by maskingthe digital audio. Signal modification module 332 may also modify aportion of the signal following the detected finish time for each tone.

With reference to FIG. 5, which schematically shows the detection andmasking of two DTMF tones 515 a, 515 b, the signal monitoring module 330detects at time T₁ that DTMF tone 515 a has started, and detects at timeT₂ that the tone has ended. As is evident a portion of the DTMF tone 515a exists before the detected start time T₁. The signal modificationmodule 332 may therefore apply a mask 517 a to include the portion ofDTMF tone 515 a that precedes the detected start time based on the timesignal T₁ (i.e. from time T₁−δt₁). To ensure that the entire DTMF toneis masked, the signal modification module 332 may also apply the mask517 a to a period of time subsequent to the detected finish time T₂ oftone 515 a (i.e. T₂+δt₂). DTMF tones 515 a and 515 b may be of differentduration. Likewise, the values for δt₁ and δt₂ may also be of differentduration. In an embodiment, signal modification (e.g. masking) isperformed for the audio in its entirety, for example until all 16 digitsof a credit card have been entered. Although in FIG. 5 two DTMF tonesare shown, the general principle of signal modification such as maskingcharacteristic information can be readily ascertained.

Thus the modification to the signal applied by the signal modificationmodule renders the detected pattern unattainable from the recording. Inan embodiment, the signal modification module 332 masks the digitalaudio signal by replacing it with an audible tone, e.g. at 1-2 kHz. Inthis way, according to one aspect of the invention, no part of thepredetermined patterns detected by the signal monitoring module willappear in the masked digital audio sent for storage. This ensures that,for example, DTMF tones entered by a caller, or a security check processperformed by the caller, are not passed to a recording module 334.

Referring again to FIG. 3, information established by the signalmonitoring module 330 is also output to the signal interface module 336.The signal interface module 336 may determine an alphanumericrepresentation of the detected DTMF pattern. In this way, DTMF tonesdetected in the digital audio can be automatically communicated to athird-party application 342 and processed without the call centre staffmember 320 needing to input any data into their computer terminal 306,thus removing the ability for the call centre staff member to note downthe information for possible theft. Hence the secrecy of a caller'ssecurity details, credit card numbers, or other similar data, arepreserved and not available for subsequent review in a recorded callmade from the digital audio.

Furthermore, because the signal interface module 336 can be configuredto determine and communicate the number of times a pattern or patternshave been detected, it is possible to confirm that, for example, all 16digits of a credit card number have been received correctly as thecustomer types in his card details. If not all security information hasbeen received, the third-party application 342 may prompt the callcentre staff member to ask the caller to re-enter the security data.Thus, the signals communicated by the signal interface module 336 mayprovide confirmation that the security data has been correctly entered.

In this way, a customer's credit card transaction could be processedwith minimal or no assistance from the call centre staff member andwithout the call centre staff member partaking in data entry.

The signals communicated by the signal interface module 336 to thethird-party application 342 can be communicated via electroniccommunication, such as ActiveX communication, Internet Protocolcommunication, Application Programming Interface (API) communication,signals which mimic computer keystrokes, or any other electronicmethods.

A data entry interface module 338 is configured to adapt theinformation, the method of its display within the third-partyapplication 342 or the operation of the third-party application, suchthat the information is displayed within the third-party application ina suitable format, or that the third-party application operates in adesired manner. Where the third-party application is already configuredto display the information in a suitable format, or operate in thedesired manner, the data output by the data entry interface module 338may be the same as the signals received from the signal interface module336. In this way, the data entry processor need not change the signalsor their method of display within the third-party application, or theoperation of the third-party application, and can simply pass themdirectly to the third-party application 342.

In an embodiment, the data entry interface module 338 is configured toapply visual masking commands or methods. In this way, a customer'ssecure credit card information communicated through DTMF tones (forexample), can not only be eliminated from digital audio and thealphanumeric representation of the DTMF tones passed to a third-partyapplication, but the visual display of the third-party application canbe controlled to make the alphanumeric representation of the DTMFinformation effectively obscured or invisible. In this way, not onlydoes the customer's secure information become eliminated from thedigital audio sent to storage, if any screen recording applications orprocesses are operational on the call centre staff member's computer,the screen recordings will not contain a recording of the customer'ssecure information either. In addition, the call centre staff membernever sees the card details, and hence cannot steal them.

The management module 340 is configured to determine information abouteach call, such as the length of the call and the times at which signalmodification was applied and for how long. It also allows thisinformation to be associated with the customer and the third-partyapplication.

In the embodiment shown in FIG. 3, call recording is performed locallyat the computer terminal 306 of the agent 320 by call recording module334. It is noted that there is no “overwriting” of recorded DTMF tones.Rather, DTMF tones are simply not recorded because of the buffering. Therecordings can be passed to a server periodically or at the end of thecall. Thus, calls can be constantly monitored and, where applicable,modified without the need to pause or switch between ‘normal’ and ‘safe’modes.

FIG. 4 shows a flow diagram of the steps performed by the apparatus ofFIG. 3, in relation to the recording of modified signals. At step S402the signals are received. These may be converted to, for example,digital audio. At step S404 the signals are buffered and at step S406the signals are monitored for predetermined characteristics. If they aredetected (step S408, ‘YES’) then the signals are modified. Otherwise(step S408, ‘NO’) the method returns to step S406. At step S410 signalmodification is applied to the buffered signals, before being recordedat step S412. At step S414, data is extracted.

It is to be understood that the specific order of steps in the methodsdisclosed are examples of exemplary approaches, and that steps may berearranged or omitted. For example, some embodiments do not implementbuffering (step S404) as shown in FIG. 4. Similarly, some embodiments donot perform recording (step S412) or data extraction (step S414). Inother embodiments, the steps can be performed at different locations.For example, signal monitoring and modification can be performed at afirst location, and signal monitoring and data extraction can beperformed at a second location. Thus some or all of the steps shown inthe flow diagram of FIG. 4 can be performed by the apparatus describedbelow with reference to FIGS. 6 to 12.

FIG. 6 schematically shows a call processor 616 for extracting data fromthe DTMF tones in accordance with an embodiment. The call processor 616is implemented as software on the computer terminal 606 of the agent 620who is communicating with caller 604. In this particular embodiment,there is no masking of the DTMF tones. The components of the callprocessor 616, namely the audio conversion module 626, the signalmonitoring module 630, the signal interface module 636, and the dataentry interface module 638, are generally configured as thecorresponding modules shown in, and described with reference to, FIG. 3.However, an alternative implementation, shown in FIG. 6, is an adapter623 for converting proprietary digital audio format to audio. Furtheralternatives (which will be described below) may include (for VoIP) theuse of a second LAN card in the computer terminal and a bridged LANconnection to the phone.

FIG. 7 schematically shows a call processor 716 for extracting data fromthe DTMF tones in accordance with an embodiment. The call processorcomprises a signal monitoring module 730, a signal interface module 736and a data entry interface module 738. In contrast to FIG. 6, the callprocessor 716 of FIG. 7 is implemented as hardware at the desktop of theagent 720, for example as an adapter between phone 705 andheadset/handset 709. In this particular embodiment, signal modificationto the agent 720 is not performed. In an embodiment, the data entryinterface module 738 outputs signals to third party applications 742resident on the agent's computer terminal 706 by means of a USBinterface mimicking computer keystrokes, or other signalling. FIG. 8schematically shows a specific example of a hardware implementation ofthe call processor shown of FIG. 7. The call processor 816 comprises anaudio interface 850 for receiving the data signals, a DTMF decoder 852for recognizing the DTMF tones, and a microcontroller 854. Themicrocontroller 854 comprises a data processor 856 for processing thedata signals and a USB keyboard emulator 858 that mimics the computerkeystrokes. In this way, the DTMF tones can be directly ‘inserted’ intothe third party applications resident on the agent's computer terminal806 without input from the agent 820.

FIG. 9 schematically shows a call processor 916 for extracting data fromthe DTMF tones in accordance with an embodiment. The call processor 916is implemented as hardware at the desktop of the agent 920. In thisparticular embodiment, signal modification to the agent 920 is alsocarried out by signal modification module 932. For example, the signalmodification module can take the volume to zero, or apply a signal ontop of existing signal. The use of a buffer (not shown) is optional asthe likelihood of the agent recognising the initial portion of the DTMFtone prior to masking is minimal. This is because DTMF is very difficultfor humans to interpret, and when combined with the very short durationof the DTMF tone heard by the agent prior to masking (around 10 ms), itbecomes impossible. Signal monitoring is performed by signal monitoringmodule 930. In this embodiment, the data entry interface 938 outputssignals to third party applications 942 resident on the agent's computerterminal 906 by means of a USB interface mimicking computer keystrokes,or other signalling.

FIG. 10 schematically shows an embodiment of a call processor 1016 inwhich the audio signal is taken from the PBX 1008 side of the phone. Thecall processor 1016 now comprises a signal decoding module 1026 totranslate from proprietary digital audio format to audio prior toperforming signal monitoring at signal monitoring module 1030. As such,the signal decoding module 1026 can be considered comparable to an audioconversion module. There is also provided a signal interface 1036 and adata entry interface 1038, similar to those described previously.

FIG. 11 schematically shows an embodiment of a call processor 1116representing the VoIP version of the above described call processors,operating in software at the agent desktop level. The signal monitoringmodule in this embodiment comprises a packet monitoring module 1130.Also provided are a signal interface 1136 and a data entry interface1138. For implementing VoIP, the computer terminal 1106 includes two LANcards 1160 connected by a bridge 1162, for outputting the packet streamto the VoIP phone 1122 of the agent 1120. The computer terminal alsoincludes third party applications 1142.

FIG. 12 schematically shows an embodiment of a call processor 1216configured to block DTMF tones for existing call recording devices. Thecall processor 1216 comprises a signal monitoring module 1230, a buffer1228 and a signal modification module 1232. The call processor 1216 maybe considered to be “always on” and autonomous, which is to say that itdoes not need to be switched between modes and can functionindependently. Here, call processor 1216 is shown as a separate unit tocall recording device 1210, though it will be appreciated that the callprocessor 1216 can be integral to the call recording device 1210, eitheras hardware or software.

FIG. 13 schematically shows an embodiment of a call processor 1316 forextracting data from the DTMF tones. The call processor comprises asignal monitoring module 1330, a signal interface module 1336 and a dataentry interface 1338. In contrast to the call processor embodiment shownin FIG. 7, the call processor of FIG. 13 outputs signals to one or morethird party applications 1342 resident not on the agent's computerterminal 1306 but instead on a remotely located computer 1370, such as aserver or workstation. In an embodiment, the signal interface module1336 encrypts the data extracted from the DTMF tones (or otherpredetermined characteristics) with a known secure encryption algorithm,and the data entry interface module 1338 transmits the encrypted dataover network 1312 (e.g. a wide area network, such as the Internet) tocomputer 1370 directly (that is, bypassing the agent's computer terminal1306). The third party applications 1342 then decrypt the data. Inanother embodiment, the agent's computer terminal 1306 is used as agateway for the communication between the data entry interface andcomputer 1370. However, no sensitive data in plain text form need everbe exposed to the agent's computer terminal 1306, even temporarily. Inthis way, even if a malicious person or application gains full controlof the agent's computer terminal 1306, a customer's sensitive data couldnot be determined. Third party applications 1342 at remotely locatedcomputer 1370 can then decrypt and process the customer's sensitiveinformation, returning an authorisation code, transaction number, orsimilar to the call processor 1316 or agent's computer terminal 1306.The customer's sensitive information cannot be determined based on theauthorisation code or other information that is returned. In this way, acall centre can effectively outsource processing of customers' sensitivedata, and remove some or all of the processes required to monitor agentcomputer terminals 1306 to detect intrusion or other malicious activity.

FIG. 14 schematically shows an embodiment of a call processor 1416configured to block DTMF tones to an existing call recording device1410, and also to extract data from the DTMF tones. It will beappreciated that this embodiment is applicable to other types ofpredetermined characteristics. In contrast to the call processor of FIG.12, the call processor of FIG. 14 also includes a signal interfacemodule 1436. The signal interface module 1436 may include components ofthe call processor described with reference to FIGS. 7 and 8. In anembodiment, when the signal monitoring module 1430 detects DTMF tones inthe audio signal, the signal interface module 1436 passes signalsrepresenting the DTMF tones to one or more respective agent computerterminals 1406 (only one agent computer terminal is shown for clarity).In an embodiment, the signals representing DTMF tones are received atagent computer terminals by a data entry interface 1438 operating insoftware. In this way, the signals representing DTMF signals can bedirectly ‘inserted’ into the third party applications 1442 resident onthe agent's computer terminal 1406 without input from the agent 1420,and without any connection between the agent's computer terminal 1406and the PBX 1408, phone 1405, or headset/handset 1409. In anotherembodiment, the data entry interface 1438 operating in software at theagent computer terminal 1406 may not be required, for example if thethird party applications 1442 are capable of receiving and processingthe signals representing DTMF tones directly. In an embodiment, thesignals between the signal interface module 1436 and agent computerterminal 1406 are sent over the call centre's data network (e.g. localarea network).

The means for identifying the appropriate agent computer terminal towhich the signals should be sent may vary based on the type of telephonesystem installed at the call centre, and on where the existing recordingdevice 1410 is located. Such means will be evident to a person skilledin the art. For example, incoming calls may be mapped to an agent'scomputer terminal by means of line identification. As another example,for a company with a VoIP compatible PBX and VoIP compatible callrecording device, the packet headers of the VoIP packets containingaudio information which is to be recorded may also include the IPaddress of the agent computer terminal 1406 or phone 1405 where the callis received by an agent. Thus, when the signal monitoring module 1430detects DTMF tones within the audio stream, the signal interface module1436 can additionally identify the relevant computer terminal's IPaddress, and this can then be used when routing signals representingDTMF tones.

It will be understood that references to “one embodiment”, “anembodiment”, “an example embodiment”, etc., indicate that the embodimentdescribed may include a particular feature, structure, orcharacteristic, but every embodiment may not necessarily include theparticular feature, structure, or characteristic. Moreover, such phrasesare not necessarily referring to the same embodiment. Similarly, when aparticular feature, structure, or characteristic is described inconnection with one embodiment, it will be within the knowledge of oneskilled in the art to effect such feature, structure, or characteristicin connection with other embodiments whether or not explicitlydescribed. For example, it is possible to combine a first call processorfor extracting data from DTMF tones, in accordance with the callprocessor shown in FIG. 7, with a second call processor configured toblock DTMF tones for existing call recording devices, in accordance withthe call processor shown in FIG. 12. The two call processors may operatein the same environment such as a call centre. Indeed, there may be morethan one call processor of each “type”, i.e. more than one callprocessor for extracting the DTMF tones and more than one call processorfor blocking the DTMF tones. For convenience, these two types of callprocessor can be referred to as “decoder” and “filter” call processors.Although there is no communication between the decoder and filter callprocessors, they act jointly to block DTMF tones to an existing callrecording device, and also extract data from the DTMF tones and send theextracted data directly to the agent's computer terminal, with theextracted data possibly prevented from being displayed to the agent.This enables a call centre to isolate its existing call recordingsystem, existing screen recording system and also its agents from acustomer's sensitive data, without having to make any changes to itsexisting computer systems in use at the agent's computer terminal, orits call or screen recording systems. As another example, the callprocessor 1316 shown in FIG. 13 may include a signal modification module932 as shown in FIG. 9.

Although in foregoing embodiments DTMF tones in digital audio signalsare detected and masked, the signal data may comprise VoIP data packets.In the case of VoIP, DTMF “tones” are transmitted in specific packets(RFC 2833 RTP Event packets). In that case, the data corresponding tothe voice packets can be recorded while the DTMF packets are discarded,i.e. packet filtering can be applied. However, at the transmitter thereis a small delay for the DTMF tone to be recognised, prior to thetransmitter sending an RFC 2833 RTP Event packet. Hence, in this case,buffering can be used to mask all DTMF information preceding the receiptof the RFC 2833 RTP Event packet.

Although in foregoing embodiments the predetermined patterns aredescribed as comprising audio tones such as DTMF tones, other kinds ofpredetermined patterns can also be detected, for example voice signalsthat contain voice biometric information, information representing aspoken word or phrase, or spoken security information (such as apassword, pass phrase, or other security information). Thus any of theaforementioned signal monitoring modules can be configured to establishthe information with reference to external sources, e.g. a database ofcustomer passwords, and using digital signal processing techniques suchas speech recognition techniques. For voice recognition where only partof the password is to be provided by the caller (e.g. two random lettersof a ten letter word), the detected voice patterns corresponding to theletters need only be masked for the recording module as the agent cannotconstruct the full password. Of course, for voice recognition where afull password is required, the output to the agent can be masked.Further still, at the point at which the password is to be spoken, theaudio to the agent can be switched off.

As such, the signal monitoring module may make reference to anadditional source in order to determine the nature of the signalscommunicated to an external source. In this manner, other functionalityis possible (for example referring to a database containing customerpasswords to ascertain whether a customer has passed a security check,or communicating with a credit card payment system to authorise acustomer transaction).

Although the foregoing embodiments indicate that the signal interfacemodule is configured to determine and communicate the number of timespatterns have been detected, other variations are envisaged. Forexample, the signals communicated by the signal interface module can beconfigured to indicate the duration of the detected pattern and theproportion or length of the detected pattern which has been detectedwithin a defined timeframe. In this way, it is possible for thethird-party application to determine how much of the customer's securityinformation has been received.

In an embodiment, the signal interface module provides confirmation thata security check has been passed. In this way, it is possible toconfirm, via the third-party application, to the call centre staffmember, that the caller has passed a security check, without the callcentre staff member having to perform or assist the security checkoperation.

In foregoing embodiments the signal interface module is described ascommunicating signals representing one or more of an alphanumericrepresentation of the detected pattern, the number of times a pattern orpatterns have been detected, the duration of the detected pattern, theproportion or length of the detected pattern which has been detectedwithin a defined timeframe, confirmation that a security check has beenpassed, and confirmation that a transaction has been authorised.Alternatively, or in addition, other types of signals can also becommunicated. These include signals representing the type of patternwhich has been detected, meta-data relating to the detected pattern andthe digital audio, the value of a hash function operating on thedetected pattern, a uniquely-generated identifier representing thedetected data, a true/false value based on whether or not apredetermined pattern has been detected, a statistical probability thatthe predetermined pattern has been detected, a reference to a recordwithin a database which is matched or probably matched by the detectedor probably detected pattern, ‘begin data’ or ‘end data’ signals basedon the detected pattern, a value or sequence of separate values based onthe detected pattern, and no signal being communicated.

For example, based on the type of pattern which has been detected, it ispossible for the third-party application to be made aware of whether(for example) the customer has generated a DTMF tone using his telephonekeypad.

Meta-data relating to the detected pattern and the digital audio enablesthe third-party application to be made aware of (for example) the timethe pattern was detected, the number of occurrences within the digitalaudio, and the duration of the pattern. This use also allows such datato be stored with or alongside the masked digital audio, for latersearching or reporting. In this way, it is possible to easily find allrecorded calls where DTMF tones have been masked, simply by searchingthrough the associated meta-data for these calls.

The value of a hash function operating on the detected pattern, and theuniquely-generated identifier representing the detected data, enable thethird-party applications to store representations of credit cardnumbers, without storing the actual credit card numbers themselves, andwithout the credit card number being stored in the call recording. This‘tokenisation’ or ‘hashing’ is familiar to those skilled in the area ofcredit card security or cryptography, and acts to improve security. The‘token’ or ‘hash’ values are unable to be used to make credit cardtransactions, but they are useful for reporting on customer data,determining where the same credit card has been used to make purchasesat another time, and for other marketing or statistical analysis.

True/false values based on whether or not a predetermined pattern hasbeen detected, as well as signals representing a statistical probabilitythat the predetermined pattern has been detected, allow third-partyapplications to determine the statistical ‘confidence’ that a customerhas (for example) passed a security check.

Signals representing a reference to a record within a database which ismatched or probably matched by the detected or probably detectedpattern, allows a third-party application to be provided with (forexample) the name of the customer who matches, or most likely matches, asecurity check just undertaken by a caller, but without the actualsecurity information (such as a password) appearing in the associatedcall recording.

Signals representing ‘begin data’ or ‘end data’ based on the detectedpattern allow a third-party application to (for example) be prepared toreceive incoming card data, and to then stop receipt of data, based onthe detection of particular DTMF alphanumeric characters. For example,if a customer entered his card details prefixed with a hash ‘#’ tone,the signal interface module would effectively alert the third-partyapplication that card details were following. A star ‘*’ tone, forexample, would end the receipt of card details by the third partyapplication. Also in this manner, customers who make a mistake enteringtheir card details can press hash ‘#’ to start again.

A value or sequence of separate values based on the detected patternallows a third-party application to determine that it is receiving asignal from the call processor and not from another source. For example,in one embodiment, the call processor outputs signals to a computerterminal by means of a USB interface mimicking computer keystrokes. Bycommunicating a sequence of separate values (for example a predeterminedsemi-random string which has a very low probability of ever being typedby a human), the third party application can determine accurately thatit is receiving a signal directly from the call processor and not from ahuman typing into a keyboard.

Communicating no signal based on the detected pattern allows the callprocessor to (for example) automatically correct some errors which maybe introduced by a customer typing in card details. For example, carddetails do not contain the hash ‘#’ character, so by not transmittingany signal when a customer types hash ‘#’ the third-party application isisolated from the error. This same process is useful in eliminating thetransmission of special ‘control’ tone sequences (such as ‘begin data’and ‘end data’ described above), which may be used primarily tocommunicate with the call processor but which are not intended foronward communication to a third-party application.

Furthermore, signals communicated by the signal interface module may becommunicated as the pattern is detected. Thus as DTMF tones aredetected, the alphanumeric representations of them can be passeddirectly to the third-party application with no delay. Further still,the signals communicated by the signal interface module may be bufferedand then communicated at a later time. As such, the entire DTMF sequencecan be detected, and then their alphanumeric representationscommunicated in one go to the third-party application. Yet further, thesignals communicated by the signal interface module may be communicatedon demand from another appropriately-authorised source. In this way, anappropriately-authorised third-party application could request from thesignal interface module the number of DTMF tones which have beendetected during the current call.

During communication with a third-party application, it is advantageousif the identity of the third-party application is established as beingappropriately authorised to receive such communications. Theauthorisation credentials can be in the form of a security certificateor other similar certification device familiar to those skilled in theart of communications security.

The signals communicated by the signal interface module may be with theoperating system of a data processing apparatus (a computer). Thesignals communicated by the signal interface may be with the operatingsystem of a telephone or other portable communication device. Thesignals communicated by the signal interface may be communicated via anintermediate method (such as via text files, XML files, or Really SimpleSyndication (RSS)). In these ways, many different third-partyapplications can be communicated with via the signal interface,according to communications format standards familiar to those skilledin the art.

The signals communicated by the signal interface may represent “plaintext” unencrypted communications. They may also represent encryptedcommunications, using data encryption techniques familiar to thoseskilled in the art. In these ways, both ‘open’ and ‘closed’ (or secure)communications are possible with third-party applications.

Although in foregoing embodiments a mask applied by the signalmodification module replaces the detected pattern with an audio tone ofa single pitch, the modification could alternatively comprise randomaudio tones, or a white noise signal. Additionally, the modificationapplied by the signal modification module may act to remove or obscurepart of the detected pattern, whereby the initial data signals whichrepresent audio are unable to be determined in their entirety from themasked digital audio. In these ways, the detected signal is variouslyobscured in the digital audio, but the digital audio will still containaudible ‘placeholders’ to signify that a pattern was detected.

The modification applied by the signal modification module may act toencrypt the detected pattern. In this way, according to one aspect ofthe invention, a customer's personal security data can be encrypted(preferably with an encryption algorithm familiar to those skilled inthe art) for later decryption by an appropriately-authorised applicationor person. In this manner, people or applications without theappropriate authorisation to decrypt the pattern will be unable todetermine its nature.

The modification applied by the signal modification module may act onone of the stereo channels of the digital audio signals, if the digitalaudio signals are in stereo. In this way, according to one aspect of theinvention, a customer's credit card details sent through DTMF can beeliminated from the digital audio, but any conversation or other audiosignals in the digital audio being spoken by, for example, a call centrestaff member, are unaffected. Additionally, the modification applied bythe signal modification module may act on both of the stereo channels ofthe digital audio signals, if the digital audio signals are in stereo.

The signal-related data output by the data entry processor may representa placeholder (such as the alphanumeric character ‘*’). In this way, acustomer's data may be represented on the call centre staff member'scomputer as a series of asterisks, ‘X’ marks, or similar, to obscure thesensitive information, while still fulfilling the requirement of thecall centre staff member's computer applications that relevant datashould be entered into the application.

Further, the placeholder may be a random alphanumeric character. It mayfurther be in the same format of information expected to be received bythe third-party application. In this way, the call centre staff member'scomputer application may be satisfied as to the format, composition,length or other attributes of any data entry requirements.

Additionally, the placeholder may be deliberately not in the same formatof information expected to be received by the third-party application.In this way, a third-party application may be provided with informationwhich it interprets as deliberately wrong, in order to trigger asubsequent request of further data.

The signals received from the signal interface may be modified toconform to the format expected to be received by the third-partyapplication, prior to the output of signal-related data to thethird-party application. In this way, for example, card details may beencrypted to ensure further security.

Although in foregoing embodiments the call processor is configured toprevent the alphanumeric representations from being displayed by thesoftware application and/or entered by the emulated input device signalas data into a data entry field, other interactions or commands are alsocontemplated.

The interactions or commands may act to determine that signals about tobe communicated with a third-party application are to be displayed inthe expected data entry location of the expected third-partyapplication. For example, the command or method may be configured todetermine the current ‘window title’ and the current data entry fieldtitle of a third-party application, and deny signal communication tounexpected locations. In this way, agents can be prevented, for example,from seeing sensitive card details in a separate location from wherethey can be stolen.

The interactions or commands may act so that the display of alphanumericrepresentation within the third-party application is made automaticallyto only an expected data entry location. For example, the command ormethod can include locating a data entry field with a particularproperty or characteristic (for example one which has a text label ‘CV2’on its left) and then passing the CV2 element of the card data only tothis field. In this way, card data is forced into its intended location,and cannot therefore be stolen by agents from other locations.

The interactions with the third-party application or commands output tothe third-party application may act to restrict, inhibit or deny manualdata entry in the third-party application. For example, the call centrestaff member would be denied the ability to enter, correct, overwrite or(critically) copy the customer's sensitive data from their computerscreen.

The interactions with the third-party application or commands output tothe third-party application may act to alter the visual display of thethird-party application. They may also act to change the third-partyapplication's display to show placeholder information (such as thealphanumeric character “*”). In this way, even though a call centrestaff member's computer application may be preconfigured to displaysensitive information on the computer screen, the display can be alteredthrough the use of visual masking commands or methods to obscure thedata with asterisks, or ‘X’ marks or similar.

The interactions with the third-party application or commands output tothe third-party application may act to remove existing restrictions onthe format of manual data entry within the third-party application. Thusdata passed directly to the third-party application may be of adifferent format than that allowed for by manual data entry.

The interactions with the third-party application or commands output tothe third-party application may act to hide or otherwise obscureportions of the third-party application. Accordingly, the customer'ssecure data can be hidden from the call centre staff member's computerscreen, to eliminate the ability of the staff member to note theinformation.

The interactions with the third-party application or commands output tothe third-party application may act to modify the operation of thethird-party application. It may further act to insert a ‘callback’process (which acts to allow the third-party application to providesignals back to the data entry processor, or to request transmission ofsignal-related data from the data entry processor). For example, athird-party application can request the customer's sensitive credit carddata to be communicated at the point the call centre staff memberattempts to authorise the credit card data, thus avoiding display orcommunication of the credit card information to the call centre staffmember's computer screen in advance.

The interactions with the third-party application or commands output tothe third-party application may act to modify the document object modelof a web page displayed in a web browser. For example, a web page can bealtered to change a specified credit card entry field into a ‘display asasterisks’ field, thus obscuring the card details with asterisk ‘*’characters or similar, and further restricting the agent's ability tocopy card data from that field.

The interactions with the third-party application or commands output tothe third-party application may act to detect changes in third-partyapplications, prior to communicating signals to the third-partyapplication. For example, a command or method may be configured todetect the activation of a ‘submit’ function on the call centre staffmember's computer screen, and communicate the card details at the pointthe submit function is activated. In this way, for example, an agentnever sees card data on screen.

The interactions with the third-party application or commands output tothe third-party application may act to decrypt information alreadyencrypted elsewhere. In this way, for example, data can be placed inplain sight but in an encrypted form on a call centre agent's computerscreen, and then be decrypted immediately prior to processing.

The interactions with the third-party application or commands output tothe third-party application may act to issue commands recognised by thethird-party application. Further, these commands or methods may mimicmanual commands which may be performed by an operator of the third-partyapplication. If, for example, a customer is confirming credit carddetails for a transaction using DTMF tones, the third-party applicationmay be commanded to process the transaction (for example by mimickingthe activation of a ‘submit’ function on the call centre staff member'scomputer screen) once the correct number of credit card digits has beenreceived.

The interactions with the third-party application or commands mayfurther act to gather information from a third-party application andcombine it with data from the signal interface module prior to issuingcommands recognised by the third-party application. For example, if acall centre agent is taking transaction details from a customer andentering them into a payments website, the customer's name, address andtransaction price details can be gathered from where they have alreadybeen entered into the website by the call centre agent, combined withthe customer's card details transmitted through DTMF tones, and then anHTTP ‘post’ command executed using visual masking commands or methods,to transmit all details for payment authorisation. In this way, the callcentre agent never sees the card details on screen.

The interactions with the third-party application or commands output tothe third-party application may act to reverse or undo the effect of anyinteractions with the third-party application or commands previouslyissued to the third-party application. Accordingly any changes whichhave been made to the third-party application's performance orappearance can be reversed, after (for example) a transaction has beenprocessed.

The interactions or commands may include Application ProgrammingInterface (API) communication with a third-party application, altering aweb page's HTML content or document object model, macros or scripts, orany similar or related communication required to interact with thethird-party application.

The signal-related data may be sent to the third-party applicationalphanumeric character-by-character, as the pattern is detected by theaudio processor. In this way a customer's credit card detailsrepresented in DTMF tones may be sent one character at a time to thethird-party application. Alternatively, the signal-related data may besent to the third-party application in one or more blocks. For example,a customer's credit card details may be accumulated as they arereceived, and then communicated in one block to the third-partyapplication.

The signal-related data may be sent to the third-party application atdifferent times based on the mode or status of the third-partyapplication. Thus placeholder characters may be communicated to thethird-party application until a point later in the transaction, when thereal customer sensitive data is communicated. This would ensure thatcustomer sensitive data did not appear on a call centre staff member'scomputer screen until the moment at which a transaction was to beauthorised, for example.

The signal-related data may be sent to the third-party application onreceipt of an appropriate request by the third-party application. Inthis way an appropriately-authorised third-party application couldrequest from the data entry processor (for example), that the customer'scredit card details be communicated at the point the credit card was tobe authorised, thus ensuring that the customer's credit card details didnot appear on the call centre staff member's computer screen at allprior to that event.

The interactions with the third-party application or commands output tothe third-party application may be sent to the third-party applicationat the same time as the signal-related data. They may also be sent tothe third-party application at any time before the signal-related data.They may also be sent to the third-party application at any time afterthe signal-related data.

The third-party application may comprise a computer operating system. Itmay also comprise a telecommunications device. Further thetelecommunications device may be a mobile phone. Thus commontelecommunications devices and computers used in a call centreenvironment or in an environment where transactions are performed withcustomer sensitive data, can have customer sensitive data eliminatedfrom their visual displays.

The third-party application may be a web page being displayed within acomputer operating system. It may also be an application running withina computer operating system. The third-party application may be a webpage being displayed on a telecommunications device, including a mobilephone. It may also be an application running within a telecommunicationsdevice, including a mobile phone. It may also be a database or otherdata storage medium. Thus commonly-used data entry interfaces (such ascomputer applications or websites) can have customer sensitive dataeliminated from their visual displays, and customer-sensitive data canalso be communicated directly into a database, without appearing on acall centre staff member's computer screen.

While the described methods and apparatus can provide particularadvantages to call centre operations, they are also applicable to othercommunication technologies that implement call recording of one form oranother. In this regard, although in foregoing embodiments theprocessing of signals is described as being performed for ‘incoming’signals, the processing of signals can also be performed for ‘outgoing’signals, e.g. at the call originator side.

Although the present invention has been described hereinabove withreference to specific embodiments, it will be apparent to a skilledperson in the art that modifications lie within the spirit and scope ofthe appended claims.

The invention claimed is:
 1. A method of processing signals of atelephonic communication, the signals conveying sensitive andnon-sensitive information, the method comprising: receiving signals at acall processor from a caller device; processing the signals at the callprocessor to provide a first version of the signals that is to berecorded and a second version of the signals that is to be output asaudio to an agent device, both versions conveying the same information;monitoring at the call processor the first version of the signals todetect one or more instances of one or more predeterminedcharacteristics comprising the sensitive information conveyed by thesignals; modifying the first version of the signals by removing theidentified predetermined characteristics from the first version of thesignals; and outputting the modified first version of the signals forrecording on a call recording device.
 2. A method according to claim 1,further comprising recording the first version of the signals at thecall processor.
 3. A method according to claim 1, further comprisingbuffering the first version of the signals, and wherein modifying thefirst version of the signals comprises removing at least a portion ofthe buffered first version of the signals preceding a point of detectionfor each identified instance of the predetermined characteristics.
 4. Amethod according to claim 1 further comprising determining a respectivealphanumeric representation corresponding to each identified instance ofthe predetermined characteristics, and outputting data indicative of therespective alphanumeric representation for use by a softwareapplication.
 5. A method according to claim 4, further comprisinggenerating a respective emulated input device signal for each of thealphanumeric representations, and wherein the outputting of datacomprises outputting the emulated input device signals.
 6. A methodaccording to claim 4, further comprising preventing a display of thealphanumeric representations by the software application.
 7. A methodaccording to claim 4, further comprising determining a target computerdevice from among a plurality of computer devices, the outputtingcomprising transmitting the data to the target computer device.
 8. Amethod according to claim 7, wherein the target computer device isdetermined based on an IP address contained in the signals.
 9. A methodaccording to claim 4, wherein the software application resides on acomputer device at a location remote from the call processor, the methodfurther comprising encrypting the data.
 10. A method according to claim4, wherein the data indicative of the alphanumeric representationsoutput by the call processor is entered into a validated data entryfield of the software application.
 11. A method according to claim 1,further comprising: monitoring at the call processor the second versionof the signals to detect one or more instances of one or morepredetermined characteristics comprising the sensitive informationconveyed by the signals; modifying the second version of the signals byremoving the identified predetermined characteristics from the secondversion of the signals; and outputting the modified second version ofthe signals.
 12. A call processor for processing signals of a telephoniccommunication, the signals conveying sensitive and non-sensitiveinformation, the call processor comprising: means configured to receivefirst and second versions of the signals received from a calling device,the first and second versions conveying the same information, the firstversion for being recorded, the second version for being output as audioto an agent device; means configured to monitor the first version of thesignals to detect one or more instances of one or more predeterminedcharacteristics comprising the sensitive information conveyed by thesignals; means configured to modify the first version of the signals byremoving the identified predetermined characteristics from the firstversion of the signals; and means configured to output the modifiedfirst version of the signals for recording on a call recording device.13. A call processor according to claim 12, further comprising meansconfigured to record the first version of the signals.
 14. A callprocessor according to claim 12, further comprising means configured tobuffer the first version of the signals, and wherein the meansconfigured to modify the first version of the signals is configured toremove at least a portion of the buffered first version of the signalspreceding a point of detection for each identified instance of thepredetermined characteristics.
 15. A call processor according to claim12, further comprising: means configured to determine a respectivealphanumeric representation corresponding to each identified instance ofthe predetermined characteristics, and means configured to output dataindicative of the alphanumeric representations for use by a softwareapplication.
 16. A call processor according to claim 15, furthercomprising means configured to generate a respective emulated inputdevice signal for each of the alphanumeric representations, and whereinthe means configured to output data is configured to output the emulatedinput device signals.
 17. A call processor according to claim 15,further comprising means configured to prevent a display of thealphanumeric representations by the software application.
 18. A callprocessor according to claim 15, further comprising means configured todetermine a target computer device from among a plurality of computerdevices, wherein the means configured to output data transmits the datato the target computer device.
 19. A call processor according to claim18, wherein the target computer device is determined based on an IPaddress contained in the signals.
 20. A call processor according toclaim 15, wherein the software application resides on a computer deviceat a location remote from the call processor, the call processor furthercomprising means configured to encrypt the data.
 21. A call processoraccording to claim 15, wherein the means configured to output the datais further configured to enter the data into a validated entry field ofthe software application.
 22. A call processor according to claim 12,further comprising means configured to output a modified second versionof the signals.
 23. A method of processing signals of a telephoniccommunication, the signals conveying sensitive and non-sensitiveinformation, the method comprising: receiving signals at a callprocessor from a caller device, the signals including a first version ofthe signals to be recorded; buffering the first version of the signals;monitoring the signals to detect, in the buffered signals, one or moreinstances of one or more predetermined characteristics comprising thesensitive information conveyed by the signals; modifying the bufferedsignals by removing the identified predetermined characteristics; andoutputting the modified buffered signals for recording on a callrecording device.
 24. A method according to claim 23, wherein modifyingthe buffered signals comprises removing at least a portion of thebuffered signals preceding a point of detection for each identifiedinstance of the predetermined characteristics.
 25. A method according toclaim 23, further comprising recording the modified signals.
 26. A callprocessor for processing signals of a telephonic communication, thesignals conveying sensitive and non-sensitive information, the signalsbeing received from a caller device and including a first version of thesignals to be recorded, the call processor comprising: means configuredto buffer the first version of the signals; means configured to monitorthe signals to detect, in the buffered signals, one or more instances ofone or more predetermined characteristics comprising the sensitiveinformation conveyed by the signals; means configured to modify thebuffered signals by removing the identified predeterminedcharacteristics, and means for outputting the modified buffered signalsfor recording on a call recording device.
 27. A call processor accordingto claim 26, wherein the means configured to modify the buffered signalsis configured to modify the buffered signals by removing at least aportion of the buffered signals preceding a point of detection for eachidentified instance of the predetermined characteristics.
 28. A callprocessor according to claim 26, further comprising means configured torecord the modified signals.
 29. A method of processing signals of atelephonic communication, the signals conveying sensitive andnon-sensitive information, the method comprising: receiving signals at acall processor from a caller device; processing the signals at the callprocessor to provide a first version of the signals that is to berecorded and a second version of the signals from which information isto be extracted, the first and second versions conveying the sameinformation; at a first location: monitoring the first version of thesignals to detect one or more instances of one or more predeterminedcharacteristics comprising the sensitive information conveyed by thesignals; modifying the first version of the signals by removing theidentified predetermined characteristics from the first version of thesignals; and outputting the modified first version of the signals forrecording; and at one or more second locations: monitoring the secondversion of the signals to detect one or more instances of one or morepredetermined characteristics comprising the sensitive informationconveyed by the signals; determining a respective alphanumericrepresentation corresponding to each identified instance of thepredetermined characteristics; and outputting data indicative of thealphanumeric representations for use by a software application.
 30. Amethod according to claim 29, further comprising, at the first location,buffering the first version of the signals, and wherein modifying thefirst version of the signals comprises removing at least a portion ofthe buffered first version of the signals preceding a point of detectionfor each identified instance of the predetermined characteristics.
 31. Amethod according to claim 29, further comprising recording the firstversion of the signals at the first location.
 32. A method according toclaim 29, further comprising, at the one or more second locations,preventing a display of the alphanumeric representations by the softwareapplication.
 33. A method according to claim 29, further comprising, atthe one or more second locations, modifying the second version of thesignals by removing the identified predetermined characteristics fromthe second version of the signals, and outputting the second version ofthe signals for hearing.
 34. A method according claim 29, furthercomprising, at the one or more second locations, generating a respectiveemulated input device signal for each of the alphanumericrepresentations, and wherein the outputting of data comprises outputtingthe emulated input device signals.
 35. A method according to claim 29,further comprising entering the data into a validated data entry fieldof the software application.
 36. A call processor for processing signalsof a telephonic communication, the signals conveying sensitive andnon-sensitive information, the call processor comprising: means forreceiving signals from a caller device; means for processing thereceived signals to provide a first version of the signals that is to berecorded and a second version of the signals from which information isto be extracted, the first and second versions containing the sameinformation; a first means at a first location, comprising: receivingmeans configured to receive a first version of the signals; monitoringmeans configured to monitor the first version of the signals to detectone or more instances of one or more predetermined characteristicscomprising the sensitive information conveyed by the signals; modifyingmeans for modifying the first version of the signals by removing theidentified predetermined characteristics from the first version of thesignals; and outputting means for outputting the modified first versionof the signals for recording; and a second means at one or more secondlocations, comprising: receiving means configured to receive the secondversion of the signals; monitoring means configured to monitor thesecond version of the signals to detect one or more instances of one ormore predetermined characteristics comprising the sensitive informationconveyed by the signals; determining means configured to determine arespective alphanumeric representation corresponding to each identifiedinstance of the predetermined characteristics; and outputting meansconfigured to output data indicative of the alphanumeric representationsfor use by a software application.
 37. A call processor according toclaim 36, wherein the first means further comprises buffering meansconfigured to buffer the first version of the signals, and wherein themodifying means is configured to remove at least a portion of thebuffered first version of the signals preceding a point of detection foreach identified instance of the predetermined characteristics.
 38. Acall processor according to claim 36, wherein the first means furthercomprises means configured to record the first version of the signals.39. A call processor according to claim 36, wherein the second meansfurther comprises preventing means configured to prevent a display ofthe alphanumeric representations by the software application.
 40. A callprocessor according to claim 36, wherein the second means furthercomprises: modifying means configured to modify the second version ofthe signals by removing the identified predetermined characteristicsfrom the second version of the signals, and outputting means configuredto output the second version of the signals for hearing.
 41. A callprocessor according to claim 36, wherein the second means furthercomprises generating means configured to generate a respective emulatedinput device signal for each of the alphanumeric representations, andwherein the outputting means configured to output data is configured tooutput the emulated input device signals.
 42. A call processor accordingto claim 36, wherein the outputting means configured to output the datain the second means is further configured to enter the data into avalidated data entry field of the software application.
 43. A method ofprocessing signals of a telephonic communication by a call processor,the signals conveying sensitive and non-sensitive information, themethod comprising: receiving the signals at a call processor from acaller device; monitoring the received signals, at the call processor,to detect one or more instances of one or more predeterminedcharacteristics comprising the sensitive information conveyed by thesignals; determining, at the call processor, a respective alphanumericrepresentation corresponding to each identified instance of thepredetermined characteristics; generating data indicative of the saidalphanumeric representations; determining a target computer device fromamong a plurality of computer devices; and outputting the data for useby a software application executable on the target computer device. 44.A method according to claim 43, further comprising modifying thereceived signals by removing the identified predeterminedcharacteristics from the received signals, and outputting the modifiedsignals for recording.
 45. A method according to claim 43, wherein thedata comprises a respective emulated input device signal generated foreach alphanumeric representation.
 46. A method according to claim 45,further comprising entering the emulated input device signal as datainto a validated data entry field of the software application.
 47. Amethod according to claim 43, further comprising preventing a display ofthe said alphanumeric representation by the software application.
 48. Amethod according to claim 43, wherein the target computer device isdetermined based on an IP address contained in the signals.
 49. A callprocessor for processing signals of a telephonic communication, thesignals conveying sensitive and non-sensitive information, the callprocessor comprising: means configured to receive the signals from acaller device; means configured to monitor the signals to detect one ormore instances of one or more predetermined characteristics comprisingthe sensitive information; means configured to determine a respectivealphanumeric representation corresponding to each identified instance ofthe predetermined characteristics; means configured to generate dataindicative of the alphanumeric representations; means configured todetermine a target computer device from among a plurality of computerdevices; and means configured to output the data for use by a softwareapplication executable on the target computer device.
 50. A callprocessor according to claim 49, further comprising: means configured tomodify the received signals by removing the identified predeterminedcharacteristics from the received signals, and means configured tooutput the modified signals for recording.
 51. A call processoraccording to claim 49, wherein the data comprises a respective emulatedinput device signal generated for each alphanumeric representation. 52.A call processor according to claim 51, further comprising meansconfigured to enter the emulated input device signals as data into avalidated data entry field of the software application.
 53. A callprocessor according to claim 49, further comprising means configured toprevent a display of the alphanumeric representations by the softwareapplication.
 54. A call processor according to claim 49, wherein themeans configured to determine a target computer device is configured todetermine the target computer device based on an IP address contained inthe signals.
 55. A method of conducting a transaction, the methodcomprising: establishing a telephonic communication between a customerand a call centre agent, the telephonic communication comprising signalsconveying sensitive and non-sensitive information of the customer;processing the signals at a call processor to provide a first version ofthe signals that is to be recorded and a second version of the signalsthat is to be output as audio to the call centre agent, the first andsecond versions conveying the same information; monitoring, by the callprocessor, the first version of the signals to detect one or moreinstances of one or more predetermined characteristics comprising thesensitive customer information conveyed by the first version signals;modifying, by the call processor, the first version of the signals byremoving the identified predetermined characteristics from the firstversion of the signals; and processing the transaction by a softwareapplication executing on a computing device, using the sensitiveinformation conveyed in the signals.
 56. A method according to claim 55,further comprising: determining, by the call processor, a respectivealphanumeric representation corresponding to each identified instance ofthe predetermined characteristics; generating, by the call processor,data indicative of the alphanumeric representations; and outputting, bythe call processor, the data for use by the software application toprocess the transaction.
 57. A method according to claim 56, wherein thedata comprises a respective emulated input device signal for each of thealphanumeric representations.
 58. A method according to claim 5, furthercomprising identifying, by the call processor, the computing device fromamong a plurality of computing devices.
 59. A method according to claim58, wherein the determining is based on an IP address contained in thesignals.
 60. A method according to claim 56, further comprisingencrypting, by the call processor, the data; and wherein the outputtingcomprises outputting the encrypted data for transmission over a networkto a computing device at a location remote from the call centre.